refactor(deployment): Remove WireGuard VPN dependency and restore public service access

Remove WireGuard integration from production deployment to simplify infrastructure:
- Remove docker-compose-direct-access.yml (VPN-bound services)
- Remove VPN-only middlewares from Grafana, Prometheus, Portainer
- Remove WireGuard middleware definitions from Traefik
- Remove WireGuard IPs (10.8.0.0/24) from Traefik forwarded headers

All monitoring services now publicly accessible via subdomains:
- grafana.michaelschiemer.de (with Grafana native auth)
- prometheus.michaelschiemer.de (with Basic Auth)
- portainer.michaelschiemer.de (with Portainer native auth)

All services use Let's Encrypt SSL certificates via Traefik.

src/Framework/ApiGateway/ApiGateway.php

@@ -182,6 +182,11 @@ final readonly class ApiGateway
             connectTimeout: min(3, $timeoutSeconds), // Connect timeout max 3s or total timeout
         );
 
+        // Add authentication if present
+        if ($request instanceof HasAuth) {
+            $options = $options->with(['auth' => $request->getAuth()]);
+        }
+
         // Use factory method for JSON requests if payload is present
         if ($request instanceof HasPayload) {
             return ClientRequest::json(